PT-2024-37961 · Python+12 · Cpython+12

Bas Bloemsaat

Published

2024-07-12

Updated

2026-05-26

CVE-2024-6923

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CPython (affected versions not specified)

Description The issue concerns the email module in CPython, which did not properly quote newlines for email headers when serializing an email message. This allows for header injection when an email is serialized, potentially enabling a remote authenticated attacker to spoof sender identity, gain unauthorized email sending, or cause loss of control over email communication by persuading a victim to open a specially crafted email.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

ALSA-2024:5962

ALSA-2024:6146

ALSA-2024:6163

ALSA-2024:6179

ALSA-2024:6961

ALSA-2024:6962

ALSA-2024:6975

ALT-PU-2024-12993

ALT-PU-2024-14497

AZL-47346

AZL-47367

AZL-47385

BDU:2025-12325

BIT-LIBPYTHON-2024-6923

BIT-LIBPYTHON-2026-1299

BIT-PYTHON-2024-6923

BIT-PYTHON-2026-1299

BIT-PYTHON-MIN-2024-6923

BIT-PYTHON-MIN-2026-1299

CESA-2024_5962

CESA-2024_6961

CESA-2024_6962

CESA-2024_6975

CLEANSTART-2026-BM51903

CLEANSTART-2026-CI66802

CLEANSTART-2026-KM27583

CLEANSTART-2026-SP91806

CLEANSTART-2026-SY44974

CLEANSTART-2026-WV76464

CVE-2024-6923

DLA-3980-1

DLA-4010-1

DLA-4354-1

INFSA-2024_5962

INFSA-2024_6146

INFSA-2024_6163

INFSA-2024_6179

INFSA-2024_6961

INFSA-2024_6962

INFSA-2024_6975

MGASA-2024-0317

OESA-2024-2116

OESA-2024-2117

OESA-2024-2118

OESA-2024-2119

OPENSUSE-SU-2024:14249-1

OPENSUSE-SU-2024:14253-1

OPENSUSE-SU-2024:14254-1

OPENSUSE-SU-2024:14255-1

OPENSUSE-SU-2024:14256-1

OPENSUSE-SU-2024:14295-1

OPENSUSE-SU-2024:14434-1

OPENSUSE-SU-2024_2974-1

OPENSUSE-SU-2024_2982-1

OPENSUSE-SU-2024_3076-1

OPENSUSE-SU-2024_3200-1

OPENSUSE-SU-2024_3303-1

OPENSUSE-SU-2024_3470-1

OPENSUSE-SU-2025:15713-1

PSF-2024-8

PSF-2026-8

RHSA-2024:5962

RHSA-2024:6146

RHSA-2024:6163

RHSA-2024:6179

RHSA-2024:6909

RHSA-2024:6915

RHSA-2024:6961

RHSA-2024:6962

RHSA-2024:6975

RHSA-2024:7137

RHSA-2024:7415

RHSA-2024:8103

RHSA-2024_5962

RHSA-2024_6146

RHSA-2024_6163

RHSA-2024_6179

RHSA-2024_6961

RHSA-2024_6962

RHSA-2024_6975

RHSA-2026:2128

RHSA-2026:4165

RHSA-2026:4168

RHSA-2026:4216

RHSA-2026:4463

RHSA-2026:4473

RHSA-2026:4713

RHSA-2026:4746

RHSA-2026:5152

RHSA-2026:5215

RHSA-2026:5216

RHSA-2026:5218

RHSA-2026:5219

RHSA-2026:5221

RHSA-2026:5223

RHSA-2026:5225

RHSA-2026:5226

RHSA-2026:5315

RHSA-2026:5399

RHSA-2026:6008

RHSA-2026:6253

RHSA-2026:6464

RHSA-2026:7443

RHSA-2026:7661

RHSA-2026:8822

RHSA-2026:8824

RLSA-2024:6146

RLSA-2024:6961

RLSA-2024:6962

RLSA-2024:6975

SUSE-SU-2024:2974-1

SUSE-SU-2024:2982-1

SUSE-SU-2024:3076-1

SUSE-SU-2024:3200-1

SUSE-SU-2024:3293-1

SUSE-SU-2024:3294-1

SUSE-SU-2024:3302-1

SUSE-SU-2024:3303-1

SUSE-SU-2024:3470-1

SUSE-SU-2024:4020-1

SUSE-SU-2024:4021-1

SUSE-SU-2024:4029-1

SUSE-SU-2024_2974-1

SUSE-SU-2024_3200-1

SUSE-SU-2024_3293-1

SUSE-SU-2024_3294-1

SUSE-SU-2024_3302-1

SUSE-SU-2025:02089-1

SUSE-SU-2025:20025-1

SUSE-SU-2025:20154-1

SUSE-SU-2025:20374-1

SUSE-SU-2025_02089-1

USN-7015-1

USN-7015-5

USN-7015-6

Affected Products

Alt Linux

Almalinux

Astra Linux

Cpython

Centos

Debian

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-37961 · Python+12 · Cpython+12

CVE-2024-6923

Weakness Enumeration

Related Identifiers

Affected Products

References · 394